CVE-2007-2650

Name: CVE-2007-2650
Creator: NVD / NIST
Published: 2007-05-14T21:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.25%

Last modified Jun 16, 2026

CVE-2007-2650 is a vulnerability of currently unknown severity. The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.. EPSS estimates a 3.25% chance of exploitation in the next 30 days.

Description

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

Metrics

EPSS Probability

3.25%

86.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Clamav	Clamav	< 0.90.3
Debian	Debian Linux	3.1
Debian	Debian Linux	4.0

References

http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853Broken Link
http://kolab.org/security/kolab-vendor-notice-15.txtBroken Link
http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.htmlBroken Link
http://secunia.com/advisories/25244Patch, Third Party Advisory
http://secunia.com/advisories/25523Third Party Advisory
http://secunia.com/advisories/25525Third Party Advisory
http://secunia.com/advisories/25553Third Party Advisory
http://secunia.com/advisories/25558Third Party Advisory
http://secunia.com/advisories/25688Third Party Advisory
http://secunia.com/advisories/25796Third Party Advisory
http://security.gentoo.org/glsa/glsa-200706-05.xmlThird Party Advisory
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLogBroken Link
http://www.debian.org/security/2007/dsa-1320Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:115Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_33_clamav.htmlThird Party Advisory
http://www.securityfocus.com/bid/24316Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2007/0020/Broken Link
http://www.vupen.com/english/advisories/2007/1776Permissions Required
http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853Broken Link
http://kolab.org/security/kolab-vendor-notice-15.txtBroken Link
http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.htmlBroken Link
http://secunia.com/advisories/25244Patch, Third Party Advisory
http://secunia.com/advisories/25523Third Party Advisory
http://secunia.com/advisories/25525Third Party Advisory
http://secunia.com/advisories/25553Third Party Advisory
http://secunia.com/advisories/25558Third Party Advisory
http://secunia.com/advisories/25688Third Party Advisory
http://secunia.com/advisories/25796Third Party Advisory
http://security.gentoo.org/glsa/glsa-200706-05.xmlThird Party Advisory
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLogBroken Link
http://www.debian.org/security/2007/dsa-1320Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:115Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_33_clamav.htmlThird Party Advisory
http://www.securityfocus.com/bid/24316Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2007/0020/Broken Link
http://www.vupen.com/english/advisories/2007/1776Permissions Required

Timeline

Published: May 14, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-2650?

How severe is CVE-2007-2650?

Severity scoring for CVE-2007-2650 is pending analysis. The EPSS model estimates a 3.25% probability of exploitation in the next 30 days.

How do I fix CVE-2007-2650?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-2650?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST